Submission #580255: redash <25.1.0 Sandbox Issue Information

Title: redash <25.1.0 Sandbox Issue
Description: Redash is a popular open-source platform for visualizing and querying data. It uses RestrictedPython as its sandbox environment to securely execute Python queries. In its documentation, redash claims their default 25 builtin functions are considered safe. However, redash insecurely restores access to the getattr builtin function, which was supposed to be overwritten by the secure version, safer_getattr, implemented in RestrictedPython. This leads to sandbox escape without any extra module import needed.
Source: https://gist.github.com/superboy-zjc/1f89d375e2408ed843dc2cf0bb1bb894
User: Gavin Zhong (UID 84092)
Submitted: 2025-05-18 18:13 (11 months ago)
Moderated: 2025-06-08 19:53 (21 days later)
Status: Accepted
VulDB Entry: 311633 [Redash up to 10.1.0/25.1.0 getattr /query_runner/python.py run_query privilege escalation]
Points: 20
